We have temporarily disabled The Houndmaster (Bone Chill Event queue) and Baermar Uraz's Ugly Sweater Cosmetic (all queues) due to issues affecting gameplay.

Visit the Kill Switch Master List for more information on these and other current known issues: https://forums.bhvr.com/dead-by-daylight/kb/articles/299-kill-switch-master-list
The Dead by Daylight team would like your feedback in a Player Satisfaction survey.

We encourage you to be as honest as possible in letting us know how you feel about the game. The information and answers provided are anonymous, not shared with any third-party, and will not be used for purposes other than survey analysis.

Access the survey HERE!

Reminder that people have been getting DDoS'd through this game for the past four years.

Grum
Grum Member Posts: 273

And BHVR has known about it internally for the past two years.

Wonder when that's getting fixed?

Comments

  • Unimatrix00
    Unimatrix00 Member Posts: 459

    Ever consider that maybe it isn't fixable? To not have IP addresses shared between game players, everything would have to be run server-side, and I doubt that will happen. Further, isn't it a bug with steam that they can get the IP from them? At least, that is my understanding that the IP is looked up on steam,

  • Science_Guy
    Science_Guy Member Posts: 2,034

    How did you arrive at four years? It's been a thing since the very beginning of the game. In fact, it was way more of a problem back before dedicated servers.

    Conversely, while yes it has been happening for a very long time, people have also wrongly declared that they've been getting DDOSed for just as long.

  • SunsetSherbet
    SunsetSherbet Member Posts: 1,607

    The fact it seems unique to the steam version indicates to me that it's something that might require valve to assist/fix. And I don't see their incentive.

  • Smoe
    Smoe Member Posts: 2,964

    ///

  • kingcarl2012
    kingcarl2012 Member Posts: 1,710

    People have been getting ddos'd since before behaviour was a company as well dont forget about that.

  • Brokenbones
    Brokenbones Member Posts: 5,220

    This might not actually be true, take a look here:

    I imagine majority of people have never touched this setting before, so it would be set to 'Default'

    Default says that IPs are not shared unless it 'appears necessary'

  • ImprobableCarny
    ImprobableCarny Member Posts: 45

    Again, BHVR is not saying all reports were due to crashes. They're just saying many of the reports they received were related to a separate issue with crashes. There WERE crashing issues with the new patch, and I experienced them plenty, so it's weirder to act like THAT didn't happen. The issue is that lots of people don't know the difference, and KNOWING that the DDOS issues were happening, panicked and assumed the issues they had were related when they weren't. The non-streamer part of the playerbase is much larger than the streaming part and those were the people being addressed there.

    The attacks started with Steam. They continued for some people when they switched platforms, but if they hadn't changed their IP after the first attack, changing platforms wouldn't matter.

  • Grum
    Grum Member Posts: 273

    You're really giving BHVR the benefit of the doubt and I don't know why.

  • foodie
    foodie Member Posts: 437

    It is though. I got DDOSed twice today. I didn't get DDOSed in the initial wave that hit a lot of content creators, but it happened to me 2 hrs ago. It has also been happening to other players. I talked with some SWF groups that complained some of their group members have been getting DDOSed today.

    And I do find it interesting how these "crashes" started happening again and so severely hours after DBD's tweet

  • ImprobableCarny
    ImprobableCarny Member Posts: 45

    Sorry, what part of the tweet says "there were no DDOS attacks after all, it was all a bug that caused crashes"? No part, because that's not what it's saying.

  • Grum
    Grum Member Posts: 273

    The part where they imply people were just "crashing" and do not directly acknowledge that people are getting DDoS'd at all.

  • ImprobableCarny
    ImprobableCarny Member Posts: 45

    That's not what it says and if you'd quell madposting instinct for half a second you'd see that.

    Here is the full statement:

    "We have thoroughly investigated these reports over the past week. As of yet, there is no evidence we've seen to suggest any personal IP addresses have been leaked. Many of the reports we have received correlate to a crash, which has since been fixed in our last update.

    Your safety remains an utmost concern to us. 

    We will continue to monitor the situation to ensure that everyone can safely enjoy the game, and we encourage anyone who may have information on this or other vulnerabilities to reach out to us."

    AS OF YET = they are continuing to investigate

    "there is no evidence we've seen to suggest any personal IP addresses have been leaked" = they cannot find any IP leakages in the game itself. This is all they CAN say, because the game itself is the only thing they'd be able to investigate!

    They say that they received many reports that were actually related to the crashing issue, but people erroneously thought they may be related to the DDOS attacks. MANY and ALL are not the same words and do not have the same meaning.

    Again reiterating that they're monitoring the situation and encouraging people to continue reporting issues they face.

    None of it is dismissal. It's an honest update stating that they fixed one issue, could not find the source of another, and are still monitoring the problem.

  • foodie
    foodie Member Posts: 437

    What Grum said above. Not only is the situation not improved at all, it's worse. I understood that this affected only content creators, but I'm not a content creator, neither are the players I play with or the groups I was able to chat with. And the issue started happening today

  • Nazzzak
    Nazzzak Member Posts: 5,847

    But if the leak is not through DBD, and its through Steam as others have put forth, then they can't make that sort of claim or acknowledgement. Because they don't know. They can't go pointing the finger at other companies, it'll get them in trouble. They're saying everything is clear on their end.

  • MonsterDilf
    MonsterDilf Member Posts: 94

    Thank you for the call outs because the amount of coping/defending is ridiculous.


    Put pressure on them. This is unacceptable. YEARS later and they cannot hire a Cyber Architect to help with this issue? Or even move beyond Easy AntiCheat?

  • ImprobableCarny
    ImprobableCarny Member Posts: 45

    You say this started happening today. You've had your internet connection knocked out multiple times in one day? Have you reported this to your ISP and gotten their confirmation that it was an attack? Do you have Steam Networking on? Have you clicked any weird links lately? There are so many ways your IP could have leaked and it's important that all avenues are properly acknowledged and investigated because otherwise people get whipped into a panic like this. It's understandable to be freaked out, and nobody's berating y'all for that. The issue is that there's too many unknowns for anyone to be able to "confirm" anything.

  • foodie
    foodie Member Posts: 437

    They can acknowledge people are getting DDOSed without pointing out sources. They way they said it sounds like "some players' game crashed, it's fixed now". And yes they did have an issue, but it was a server issue again - random "disconnected from the host" during matches. It's unrelated to the complaints.

    My game didn't crash. I didn't just get disconnected from the match, my internet crashed.

  • ImprobableCarny
    ImprobableCarny Member Posts: 45
    edited March 2023

    The tweet in their quote tweet thread is literally acknowledging the DDOSing. You remember that twitter has a character limit, right? Like, maybe they could have phrased it more clearly, but they had a character limit (btw I hate Twitter for reasons like this).

    You can say it "sounded like" they said something, but they didn't. Read the tweet again. "Many" does not mean "all". I'm also not sure what your third sentence is trying to convey, sorry. I believe you that your internet crashed but I'm not your ISP so I can't tell you why. Report the issue to them and they can give you more information, and they might change your IP address too to further protect you.

  • foodie
    foodie Member Posts: 437

    I called my ISP while it was happening. Each time lasted 10 min. 10 min of having 0 connection to having some connection but then crashing again. I was in SWF and I wasn't the only one whose internet crashed. My ISP said it's not on their end. It was at 1 am, the late shifters are not exactly specialists, and I will need to call tomorrow again.

  • Nazzzak
    Nazzzak Member Posts: 5,847

    Because that might have been the reason behind *some* of the disconnection issues. In their investigation they very well might have found a glitch that has been kicking people from their games. This does *not* mean people aren't being DDOSed. I think it's pretty clear people are being DDOSed. Anyone with half a brain cell can see it's happening.

    But again, if they can't find evidence of a leak on their end then they can't go making any sort of claim. They're not going to say anything that risks any sort of lawsuit dropping on their heads.

  • ImprobableCarny
    ImprobableCarny Member Posts: 45

    I'm not an expert but this seems like a weird response from your ISP. If you were getting DDOS'd they should be able to see that and tell you. Definitely call them again, and update us if you want to. Specifically tell them you are worried that you are being targeted by DDOS attacks. Write down what info they give you so you can relay it to BHVR in a proper report.

    The thing with these issues is that there are so many variables and as much detail you can give, the better. A lot of people who had the crash problem probably just went to them like "OMG MY GAME CRASH IS IT DDOS???" with little other information and that's kind of skewed what they have to work with.

    I'm not a developer/IT guy but I've had to do internal management during outages, site problems, etc. and in those situations the majority of the reports we get really do amount to "THE THING ISNT WORKING HELP!!!" which, unfortunately, isn't very helpful. I wish we all had a giant "fix the problem" button, but alas.

  • foodie
    foodie Member Posts: 437

    I do believe it's a targeted attack since it seems a little too weird how it started happening again and to random players after their tweet. Some unofficial websites show crash reports of the game around the same time, conveniently in the middle of the night for EU players and during the day for US players

  • foodie
    foodie Member Posts: 437

    I know it's an attack because I never have internet issues - no fluctuations, no minor disconnects, no high ping or packet loss. I've made personal settings let's say to make sure my connection is at its optimal. My connection is stable. The same thing affected many others with different ISP, different regions. I also noted that my PC always showed having internet. It happened fast, but progressively towards the full crash. I saw my internet speed going down and fluctuating by 100 mb like how it happens when you're downloading something, except I wasn't downloading anything. Pages half opened, my Wi-Fi was still active and then it crashed for 10 min and came back again.

    Interestingly enough, I turned off steam networking after the second crash and did a trial game. 2 of my teammates crashed and I do believe they did, since they had no reason to DC, but I didn't that time. So maybe it comes from Steam and maybe that helps, who knows. I'm not at IT either

  • ImprobableCarny
    ImprobableCarny Member Posts: 45

    I never have internet problems either. Good ping, great upload, incredibly stable. ######### still happens. The only way to 100% confirm is through your ISP. The upside, though, is that they can change your IP for you, so if anyone does have your info still, you'll be better protected against them.

    I'm glad turning off Steam Networking seems to have helped. I think it's weird that it's on by default anyways. I know they say the default option only shares your IP if it finds it necessary, but their page doesn't really define what it considers to be necessary. 200ms? 50ms?

  • BradQuackson
    BradQuackson Member Posts: 385

    Hey. I saw on Twitter today of the recent DDOS attacks, I have been trying to talk about this forever. There was, still probably is, and was at the highest MMR alt accounts of known cheaters with different accounts linked to mains, an absolute rabbit hole that I couldn't wrap my mind around. I would be ddosed consistently within these games and nobody took me seriously, to the point where I had to quit because of time penalities. I made a few threads about this when usually my threads are COMPLETELY satire and joking.

  • Beatricks
    Beatricks Member Posts: 857
    edited March 2023

    Okay, so which content creator that cares so deeply about the community is going to stream without a VPN on Steam to bait out being DDOSed? I'm sorry, I meant bait out random crashing?


    I cannot fathom that the solution is this simple. Would be tremendously hilarious though.

  • Pulsar
    Pulsar Member Posts: 20,906
    edited March 2023

    I doubt it'll ever be fixed.

    It's been possible to DDoS people on console for the games entire lifespan. I think you might as well get used to it, it's probably not going anywhere, unfortunately

  • Phasmamain
    Phasmamain Member Posts: 11,534

    GTA online has the issue much worse from what I know anyway

  • Grum
    Grum Member Posts: 273

    Counterpoint: it's a poorly worded tweet that overtly makes it sound dismissal of people's experiences of getting DDoS'd.

  • Mandy
    Mandy Administrator, Dev, Community Manager Posts: 23,357

    If this is happening to you PLEASE send us your log files to Support - or dm me them here.

    As you can see from the tweet, we're not writing this off but we're asking for information from our players who say they've been affected, we can see from the log files that we're given what happened.

    Log files are also encrypted so there's no problem in posting them here.

  • Spare_Them_Mori_Me
    Spare_Them_Mori_Me Member Posts: 1,761

    Please send them this stuff. Lets get this over.

  • foodie
    foodie Member Posts: 437

    The main log won't be helpful, since I did a trial match after flushing my DNS and changing my Steam Networking settings. Would the backup files work? I see 2 last updated around the time of the crashes. I might also be able to get the logs of the other player

  • Mandy
    Mandy Administrator, Dev, Community Manager Posts: 23,357

    I don't know if those back up logs will give the right info, but lets try it (I'm not that technical I'm afraid). It definitely can't hurt and of course if you can supply the logs of someone else inthe match as well that would be great. The more solid information that we can provide with things like this, will definitely help.

  • oporopolist
    oporopolist Member Posts: 69

    With the greatest respect, IMHO you are approaching this from completely the wrong angle asking for users to send log files. Obtaining the software the hackers are using, either by hiring external security consultants to "infiltrate" or by purchasing it from one of their websites, might prove to resolve this a darn site quicker.

    Why do I say this? Last year when I was modding for a streamer who was held hostage, prior to OTZ publicising it to the point where it could not be ignored, I had a whispered conversation with a hacker who came to gloat.... He was able to give the IP address that the streamer was using. He claimed that the software he was using to "insert" himself into a lobby with the streamer was able to show various information about people in the lobby including MMR and IP address.

  • ImprobableCarny
    ImprobableCarny Member Posts: 45

    Yeah tell the community manager to go infiltrate a secret ring of mega hackers to obtain their software because one of them was kind enough to tell you about it a year ago. Really?

    Even if the logs don't have the information BHVR needs, there is literally no harm in providing them. Every piece of evidence they can obtain will help them investigate the problem. Any security consultants they speak to will likely want access to this data as well. If we, as a community, are having a problem, we need to work with the devs to the best of our ability and provide them with whatever information we can regarding our experiences. We cannot refuse to help while simultaneously demanding a resolution.

  • ImprobableCarny
    ImprobableCarny Member Posts: 45

    Great bot reply. Why would I want to be a Fog Whisperer? I'm not a streamer. All I did was re-post what they'd already posted and broke it down fifth grade English-teacher style so people that prefer getting angry over reading no longer have a choice. There isn't a big red "fix it" button that BHVR is just refusing to press, and they are not omnipotent -- if you don't do your basic due diligence in gathering information about what you experienced, how do you expect BHVR to get that information themselves?

  • RoastedGarlic
    RoastedGarlic Member Posts: 592

    Yeah we as players shouldn't need to use a vpn or change any settings to play the game safely. That is strictly up to the devs to shield us from this type of thing.

    Somehow we got posters like the above who think we should have to jump through hoops to play a damn game without the rest of our families being without internet at all because the devs won't fix a vulnerability that has been known and reported internally for years.

    "I dont trust some random on twitter" well that random on twitter unfortunately has more credibility than bhvr at this point, even if that is zero. bhvr is in the negatives at this point and time.

  • ImprobableCarny
    ImprobableCarny Member Posts: 45
    edited March 2023

    Giving BHVR a data log when reporting an issue is not "jumping through hoops" it's standard procedure when investigating problems. You guys have a completely cartoonish understanding of the way the world works. I've never said the issue is in no way related to BHVR, but they're not going to hold your hand and call your ISP for you.

    Some random on twitter does not have "more credibility" than BHVR. I could go on there now and make a tweet about how Cote broke into my house and put his fingers in my peanut butter jars and half the playerbase would believe it because they've primed themselves to believe anything that supports their base emotional kneejerks. You are all just frustrated and taking that frustration out in the easiest way you can without actually examining the situation you're in, and it's making you shortsighted. The frustration is understandable but we are presumably all adults here and capable of working with people to solve problems instead of just expecting them to solve themselves.

    Also if the issue IS with Steam Networking like... yes, turning it off is the quickest easiest way you can protect yourself, and for many people who have posted about it in these very forums, it has helped. Why you WOULDN'T flip a switch to make your life easier is beyond me.

  • KingFieldShipper
    KingFieldShipper Member Posts: 612

    Tbh it should be a mix of both. Logs may not solve the issue directly but it can give key points on what is happening. Logs also have to be decrypted on their end, so it's not like we can see what is in them and for all we know they added some logging that could help pinpoint things in the last hotfix.

    But I'd wager they are probably already trying to do that re: attempting to get ahold of the software - when they do security patches like patching out cheats that's typically probably what they are already doing. I've been under the impression that it's not just one group of hackers producing the cheats for the game, and I'm not even sure if the one to get ips is easy to get a hold of. Opsec 101 tells me that it probably is passed to people the guys who made it, but thats just me being paranoid.

    I'm just a lowly software engineer, not a [cyber]security researcher or anything like that, but have an interest in stuff like that, buttt I don't envy their jobs. But ya an outside security firm is definitely something they could look at if they can't figure things out internally.

  • Beatricks
    Beatricks Member Posts: 857

    "Some random on twitter does not have "more credibility" than BHVR."

    Yes, they have. Even Otz himself gives him credibility and I doubt he would believe some random person on the internet, I don't agree with him on a lot of things but I'll accept his judgement or inner knowledge on this issue.

    As far as BHVR is concerned, what exactly did they do when the Artist PTB was out and the DDOS-ing issue surfaced? They issued a warning on the forum and then...nothing. Weeks went by, months went by, years went by. I remember Pebsie advertising a VPN service after like a year where everyone long completely dropped the issue. None of the big name streamers brought it up and everyone on BHVR's side was absolutely silent, sweeping it under the rug. You had a thread asking about the DDOS situation every odd month or so. No information whatsoever, official or otherwise.

    It was never addressed whether or not THAT particular leak was fixed. Or if they even admit that actually existed in the first place. They literally ignored the problem until it came back to bite them in the back. Peanits himself could reply to this post and tell us details instead of the usual corporate response of 'taking the issue very seriously' and I wouldn't believe a single word. No offense to anyone on the dev team personally, at this point I fully believe the solution is strictly hindered by a monetary problem that is not approved from the higher ups. The devs are powerless to do anything, so they are hoping that the problem will go away when people get bored of paying money for the DDOS farms since streamers are mostly protected with VPN/preferential matchmaking.

  • Madjura
    Madjura Member Posts: 2,477
    edited March 2023

    Log files are also encrypted so there's no problem in posting them here.

    Presumably IP addresses are being leaked in some way which is causing the issues. Can you rule out the log files as the source of that? And just to clarify: this is rhetorical question and I do not expect you to leak internal information about what's in the log files or anything like that.

    Clearly you can decrypt them, otherwise you wouldn't ask people to DM them or send them to support. Maybe the attackers can decrypt them as well and pull the IP addresses of people who were in their game from it?

    Something along the lines of "<IP> joined your lobby" in the logs or something like that. Obviously I don't know what's in the log files so I can't comment on how realistic that scenario is.

    Your comment just gives off the impression that you assume that the log files can't be decrypted by third parties which I don't think is something you can (or should) be sure of. If you can decrypt it then anyone can, theoretically. There's a reason hashes are used for passwords and even those can be broken (though depending on the hash function used this is ideally infeasible).

  • KingFieldShipper
    KingFieldShipper Member Posts: 612
    edited March 2023

    So perhaps I can shed a little bit of light. There are things where you need specific files or key to decrypt. I'm notoriously a bad explainer of things but I'll try to be clear. For instance, take HTTPS - there is a public key and a private key used to generate the certificate that website's used to encrypt the traffic. If someone gets a hold of that private key they could decrypt that traffic (or in this case log files), but assuming that they use some sort of secure encryption to encrypt the logs it would be unlikely that it would be reverse engineered that easily. Think of it also like maybe email service like protonmail, that uses end to end encryption to make it so that only you can see the content because you have the key that to decrypt it, that is unlocked by your password. Or like a password manager as well.

    So a TLDR if it's encrypted securely a third-party person can't decrypt it without some sort of a key, and not in a timely manner with our processing power that we have today. I say that last part because of course all encryptions will be broken eventually, It's just a matter of time and processing power.


    This is a late edit to say I misspelled end to end encryption as internet encryption

    Post edited by KingFieldShipper on
  • ImprobableCarny
    ImprobableCarny Member Posts: 45

    No disrespect to Otz since he's a cool guy with good game sense, but we have to stop having our opinions and understanding of complex situations be spoonfed to us by people we do not know whose arguments boil down to "trust me, guys". And even on top of that... Otz's most recent tweets are straight up reiterating what I've said here! That maybe BHVR's tweet wasn't phrased well, but they are saying they have not found the leak, and that they solved an issue that was causing crashes for many people that were being erroneously reported as DDOS-related.

    The DDOS issue also stopped for a long period of time, after BHVR made a number of security updates. I'm having trouble navigating the older archives, but the most recent mention of security updates was October 2022, which includes notes on preventing hackers from sniping lobbies and crashing people's games. Sure, the people performing the attacks also might've just gotten bored and moved on - but you don't know that, any more than the rest of us do.

    Not knowing what's going on is certainly unnerving and it's right to be skeptical of what you see from BHVR, but you have to apply that skepticism in other areas too. If Mr. Ex Dev on Twitter knows the source of a serious security and privacy violation, why hasn't he provided that information to the authorities that could actually force a third party investigation? I've worked at crap jobs that had horrible policies that led to serious security concerns for both workers and customers. They weren't interested in changing it until the labour board got involved. So why the hesitation here? Everyone wants to believe that BHVR is solely at fault for this issue yet refuse to secure the evidence that could prove that they were affected. They believe BHVR can't be trusted yet cannot be bothered to go to anyone other than crypto miners on twitter with an axe to grind and no proof. If you feel like all the complaints so far haven't hurt BHVR, then who are you hurting?